Home Explore Help
Register Sign In
biotorrents
/
Gazelle
forked from Oppaitime/Gazelle
Watch 2
Star 0
Fork 0
Code Issues 0 Pull Requests 0 Releases 2 Wiki Activity
BioTorrents.de’s version of Gazelle
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1065 Commits
2 Branches
Tree: b4fb8c0c52
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'b4fb8c0c52'
${ noResults }
Gazelle/classes/twofa.class.php

twofa.class.php 5.1KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138 
  1. <?php

  2. 

  3. class TwoFactorAuth

  4. {

  5.     private $algorithm;

  6.     private $period;

  7.     private $digits;

  8.     private $issuer;

  9.     private static $_base32dict = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ234567=';

  10.     private static $_base32;

  11.     private static $_base32lookup = [];

  12.     private static $_supportedalgos = array('sha1', 'sha256', 'sha512', 'md5');

  13. 

  14.     public function __construct($issuer = null, $digits = 6, $period = 30, $algorithm = 'sha1')

  15.     {

  16.         $this->issuer = $issuer;

  17.         $this->digits = $digits;

  18.         $this->period = $period;

  19. 

  20.         $algorithm = strtolower(trim($algorithm));

  21.         if (!in_array($algorithm, self::$_supportedalgos)) {

  22.             $algorithm = 'sha1';

  23.         }

  24.         $this->algorithm = $algorithm;

  25. 

  26.         self::$_base32 = str_split(self::$_base32dict);

  27.         self::$_base32lookup = array_flip(self::$_base32);

  28.     }

  29. 

  30.     public function createSecret($bits = 210)

  31.     {

  32.         $secret = '';

  33.         $bytes = ceil($bits / 5); //We use 5 bits of each byte (since we have a 32-character 'alphabet' / BASE32)

  34.         $rnd = random_bytes($bytes);

  35. 

  36.         for ($i = 0; $i < $bytes; $i++) {

  37.             $secret .= self::$_base32[ord($rnd[$i]) & 31]; //Mask out left 3 bits for 0-31 values

  38.         }

  39.         return $secret;

  40.     }

  41. 

  42.     // Calculate the code with given secret and point in time

  43.     public function getCode($secret, $time = null)

  44.     {

  45.         $secretkey = $this->base32Decode($secret);

  46. 

  47.         $timestamp = "\0\0\0\0" . pack('N*', $this->getTimeSlice($this->getTime($time)));  // Pack time into binary string

  48.         $hashhmac = hash_hmac($this->algorithm, $timestamp, $secretkey, true);             // Hash it with users secret key

  49.         $hashpart = substr($hashhmac, ord(substr($hashhmac, -1)) & 0x0F, 4);               // Use last nibble of result as index/offset and grab 4 bytes of the result

  50.         $value = unpack('N', $hashpart);                                                   // Unpack binary value

  51.         $value = $value[1] & 0x7FFFFFFF;                                                   // Drop MSB, keep only 31 bits

  52. 

  53.         return str_pad($value % pow(10, $this->digits), $this->digits, '0', STR_PAD_LEFT);

  54.     }

  55. 

  56.     // Check if the code is correct. This will accept codes starting from now +/- ($discrepancy * period) seconds

  57.     public function verifyCode($secret, $code, $discrepancy = 1, $time = null)

  58.     {

  59.         $result = false;

  60.         $timetamp = $this->getTime($time);

  61. 

  62.         // Always iterate all possible codes to prevent timing-attacks

  63.         for ($i = -$discrepancy; $i <= $discrepancy; $i++) {

  64.             $result |= hash_equals($this->getCode($secret, $timetamp + ($i * $this->period)), $code);

  65.         }

  66. 

  67.         return (bool)$result;

  68.     }

  69. 

  70.     // Get data-uri of QRCode

  71.     public function getQRCodeImageAsDataUri($label, $secret, $size = 300)

  72.     {

  73.         if (exec('which qrencode')) {

  74.             $QRCodeImage = shell_exec("qrencode -s ".(int)($size/40)." -m 3 -o - '".$this->getQRText($label, $secret)."'");

  75.         } else {

  76.             $curlhandle = curl_init();

  77. 

  78.             curl_setopt_array($curlhandle, array(

  79.             CURLOPT_URL => 'https://chart.googleapis.com/chart?cht=qr&chs='.$size.'x'.$size.'&chld=L|1&chl='.rawurlencode($this->getQRText($label, $secret)),

  80.             CURLOPT_RETURNTRANSFER => true,

  81.             CURLOPT_CONNECTTIMEOUT => 10,

  82.             CURLOPT_DNS_CACHE_TIMEOUT => 10,

  83.             CURLOPT_TIMEOUT => 10,

  84.             CURLOPT_SSL_VERIFYPEER => false,

  85.             CURLOPT_USERAGENT => 'TwoFactorAuth'

  86.             ));

  87. 

  88.             $QRCodeImage = curl_exec($curlhandle);

  89.             curl_close($curlhandle);

  90.         }

  91.         return 'data:image/png;base64,'.base64_encode($QRCodeImage);

  92.     }

  93. 

  94.     private function getTime($time)

  95.     {

  96.         return ($time === null) ? time() : $time;

  97.     }

  98. 

  99.     private function getTimeSlice($time = null, $offset = 0)

  100.     {

  101.         return (int)floor($time / $this->period) + ($offset * $this->period);

  102.     }

  103. 

  104.     // Builds a string to be encoded in a QR code

  105.     public function getQRText($label, $secret)

  106.     {

  107.         $QRText = 'otpauth://totp/'.rawurlencode($label).'?secret='.rawurlencode($secret);

  108.         $QRText .= ($this->issuer) ? '&issuer='.rawurlencode($this->issuer) : '';

  109.         $QRText .= ($this->period != 30) ? '&period='.intval($this->period) : '';

  110.         $QRText .= ($this->algorithm != 'sha1') ? '&algorithm='.rawurlencode(strtoupper($this->algorithm)) : '';

  111.         $QRText .= ($this->digits != 6) ? '&digits='.intval($this->digits) : '';

  112.         return $QRText;

  113.     }

  114. 

  115.     private function base32Decode($value)

  116.     {

  117.         if (strlen($value)==0) {

  118.             return '';

  119.         }

  120. 

  121.         $buffer = '';

  122.         foreach (str_split($value) as $char) {

  123.             if ($char !== '=') {

  124.                 $buffer .= str_pad(decbin(self::$_base32lookup[$char]), 5, 0, STR_PAD_LEFT);

  125.             }

  126.         }

  127.         

  128.         $length = strlen($buffer);

  129.         $blocks = trim(chunk_split(substr($buffer, 0, $length - ($length % 8)), 8, ' '));

  130. 

  131.         $output = '';

  132.         foreach (explode(' ', $blocks) as $block) {

  133.             $output .= chr(bindec(str_pad($block, 8, 0, STR_PAD_RIGHT)));

  134.         }

  135. 

  136.         return $output;

  137.     }

  138. }